REMARKS 



The time and courtesy of Examiner Nooristany in the course of a telephonic 
interview on 10 December 2009 with attorney Edward Callan is sincerely appreciated. 
The matters discussed during the interview included the Response to Arguments set forth 
in the Office Action of September 30^ 2009, a proposed amendment of claims 13-16 to 
meet the rejection thereof under Section 1 12^ second paragraph, and the rejection of 
claims 13-16 under 35 U.S.C. 103. No agreement was reached as to the allowability of 
any of the claims. 

Claim Rejections - 35 U.S.C. 112 

The rejection of claims 13-16 under 35 U.S.C. 1 12, second paragraph, is met by 
the amendment of these claims to provide an antecedent basis for the recitation of 
"executable programs" by revising these claims to recite: "wherein when executable 
programs are sent as attachments to e-mails", A correlation of these claims with claim 9 
is provided by the recitation of "an incoming email" in claim 9, from which all of claims 
13-16 ultimately depend. 

Claim Rejections - 35 U.S.C. 103 

The rejection of claims 9-17 and 25-28 under 35 U.S.C. 103(a) (claims 26-1 8 are 
cancelled) as being unpatentable over US patent 6,249, 805 to Fleming, in view of US 
patent No. 5,999,967 to Sundsted, is respectfiiUy traversed for at least the following 
reasons: 

Referring to MPEP 21 1 1, the first main heading is: "Claims Must Be Given Their 
Broadest Reasonable Interpretation." However, that leaves out some very important 
qualifying words, which appear in the first sentence of this section: "consistent with the 

specification/' Therefore, there are two very important concepts that govern how 
examiners must approach the understanding of the claims under examination. They are 
that the interpretation must be reasonable^ and that the interpretation must be consistent 
with the specification. 
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Here the Examiner has appHed the Fleming reference to the limitations of lines 1- 
9 of claim 9, and has sought to find obviousness based on the teachings of Sundsted with 
respect to the limitations in lines 10-13 of that claim. 

The Examiner's overly broad and clearly erroneous interpretation of the last 
paragraph of claim 9, that is necessary to support his rejection of these claims is not a 
reasonable interpretation of the plain language of the terms of the claims that is 
consistent with the Specification of the present application, as required by MPEP 2111 
and211L01. 

The last paragraph of claim 9 recites: 

"performing an analysis to see if there is serial, incremental user 
identification occurring so that conclusions can be drawn conceming 
automatic attempts at breaking into the e-mail system". 

The relevant portion of the Specification that supports the last paragraph of claim 
9 is the paragraph at page 3, lines 15-19 (paragraph 0016 of the pubHshed application), 
which states: 

"On the other hand, the e-mail can be analyzed to see if there is serial^ 
incremental user identification occurring, which would enable inferences to be 
drawn concerning automatic attempts at breaking into the e-mail system. This 
additional analysis makes it possible to very easily identify malicious individuals 
who automatically try all possible codes," 

The last paragraph of claim 9 and the relevant portion of the Specification require 

both 

• that the analysis is to see if there is serial^ incremental user identification 

occuiTing, and 

• that the occurrence of serial, incremental user identification enables 
conclusions to be drawn conceming automatic attempts at breaking into 
the e-mail system. 

In the system disclosed by Sundsted, a received e-mail is accompanied by an 
electronic stamp. The electronic stamp includes a Serial Number Field 40, a Value Field 
41, a Date Field 42, a Hash Field 43, a Receiver Address Field 44, a Sender Address 
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Field 45, an Identification Field 46, and a Signature Field 47, as shown in FIG. 4. At 
column 7, line 1 to column 8, line 24, Sundsted discloses that: 

The Serial Number Field 40 holds the serial number of the electronic 
stamp. This number is issued by the sending system. A serial number must never 
be reissued. The simplest serial number generator is a counter that is incremented 
for each electronic stamp generated 

Value Field 41 holds the amount the sender agrees to pay the receiver if 
the receiver accepts the electronic mail. 

Date Field 42 holds the creation date of the electronic stamp. 

Hash Field 43 holds a value computed from the contents of the body of the 
electronic mail.... 

Receiver Address Field 44 holds the address of the receiver of the 
electronic mail. 

Sender Address Field 45 holds the address of the sender of the electronic 

mail. 

The values in Hash Field 43, Receiver Address Field 44, and Sender 
Address Field 45 serve to bind the electronic stamp to a piece of electronic mail. 
Without this infomiation, a malicious party could intercept the electronic mail, 
remove the electronic stamp, and place it on another electronic mail. 

Identification Field 46 holds the identification number of the sending 
system. Each sendmg system will be issued a unique identification number. 

Signature Field 47 holds the digital signature of the electronic stamp. Tlie 
digital signature may be computed using any secure digital signature algorithm. . , 

Once it assembles the values in Serial Number Field 40, Value Field 41, 
Date Field 42, Hash Field 43, Receiver Address Field 44, Sender Address Field 
45, and Identification Field 46, the sending system generates the digital signature 
of the electronic stamp and signs the electronic stamp with it. Without this digital 
signature, a malicious party could forge an electronic stamp claiming to be from 
any sender in the electronic mail system. 

Analysis Module 23 reads the identity of the sending system from 
Identification Field 46 and the digital signature from Signature Field 47. It 
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verifies the identity of the sending system and the integrity of the electronic stamp 
by testing the digital signature. If the digital signature fails the test, tliis is a sure 
indication that either the electronic stamp has been corrupted or tampered with, or 
someone other than the sender created the electronic stamp. In either case, the 
electronic stamp and the associated electronic mail should he rejected. 

Analysis Module 23 reads the hash value from the Hash Field 43. It 
compares this value with the value it calculates from the body of the electronic 
mail. If the comparison fails, this is a good indication that either the electronic 
mail has been corrupted or the electronic stamp is no longer attached to the 
original piece of electronic mail. In either case, the electronic stamp and the 
associated electronic mail should be rejected. 

Analysis Module 23 reads the address of the receiver from Receiver 
Address Field 44, and the address of the sender from Sender Address Field 45. It 
then compares these values with the appropriate parts of the electronic mail. If 
the comparison fails, tliis is a good indication that either the electronic mail has 
been corrupted or the electronic stamp is no longer attached to the original piece 
of electronic mail In either case, the electronic stamp and the associated 
electronic mail should be rejected. 

Analysis Module 23 reads the serial number [of the electronic stamp] 
from Serial Number Field 40. It then checks History Log 25 to see if this 
electronic stamp has been received before. If the electronic stamp is found in 
History Log 25, this is a good indication that the electronic mail has been 
delivered multiple times, either due to a fault in the electronic mail systan or due 
to malicious intent. In either case, the electronic stamp and the associated 
electronic mail should be rejected* (Emphasis added to the above quoted 
paragraphs from Sundsted.) 

The analyses performed by Sundsted' s Analysis Module 23 are quire different 
from the analysis recited in the last paragraph of claim 9, which requires (a) that the 
analysis is to see if there is serial, incremental user identification occurring, and (b) 
that the occun'ence of serial, incremental user identification enables conclusions to be 
drawn concerning automatic attempts at breaking into the e-mail system. 
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The Examiner J in contravention of the applicable MPEP instructions, has 
unreasonably interpreted the plain language of the terms recited in the last paragraph of 
claim 9 broadly enough to support his erroneous conclusion that the analysis elements 
recited in this paragraph are taught by Sundsted. It appears ftom the Examiner's 
"Response to Arguments" in the Office Action of 30 September 2009 that the Examiner 
is asserting that Sundsted teaches "performing an analysis to see if there is serial, 
incremental user identification occurring so that conclusions can be drawn conceming 
automatic attempts at breaking into the e-mail system," as recited in the last paragraph of 
claim 9, for the reason that Sundsted's Analysis Module 23 reads fix)m Serial Number 
Field 40 the serial number of the electronic stamp that is generated in each individual 
sending system by a counter that is incremented for each electronic stamp generated, and 
then checks History Log 25 to see if this electronic stamp has been received before, 
whereby if the electronic stamp is found in History Log 25, this is a good indication that 
the electronic mail has been delivered multiple times^ either due to a fault in the 
electronic mail system or due to malicious intent, and because the electronic stamp also 
includes Identification Field 46 that holds the identification number of the sending 
system. 

This assertion by the Examiner is not based upon a reasonable interpretation of 
the plain language of the terms of the claims and is not consistent with the Specification 
of the present application for at least the following reasons: 

• Sundsted's Analysis Module 23 does not see if serial, incremental i4ser 
identification is occurring, as required by the plain language of the last paragraph 
of claim 9. User identification is provided by the Receiver Address Field 44, the 
Sender Address Field 45 and the IdentijScation Field 46, but not the Serial 
Number Field 40, which is the only field from which tiie Analysis Module 23 can 
see if any type of serial, incremental identification is occiming. 

• Analysis Module 23 of Sundsted reads the address of the receiver from Receiver 
Address Field 44, and the address of the sender from Sender Address Field 45, 
and then compares these values with the appropriate parts of the electronic mail 
Analysis Module 23 does not see if eitlier serial, incremental receiver address 
identification , or serial, incremental sender address identification, is occurring. 
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The only processing by Analysis Module 23 of Identification Field 46 is to read 
the identity of the sending system from Identification Field 46, 
The only occurrence of serial, incremental identification that is seen by Analysis 
Module 23 is the occurrence of serial, incremental electronic stamp identification 
that is seen by Analysis Module 23 whenever emails accompanied by electronic 
stamps having consecutively generated serial numbers are consecutively received 
fix)m the same email sending system, 

Such an occurrence of serial^ incremental electronic stamp serial number 
identification is not an irregular occurrence that causes Analysis Module 23 to 
reject the email, such as happens whenever the serial number of the electronic 
stamp is the same as the serial number of a previously received electronic stamp 
that has been stored in History Log 25. 

Such an occurrence of serial, incremental electronic stamp serial number 
identification does not enable a conclusion to be drawn concerning automatic 
attempts at breaking into the e-mail system, as required by the last paragraph of 
claim 9. Furthermore, any conclusion that could be drawn fi-om such an 
occun'cnce concerning automatic attempts at breaking into the e-mail system 
would not be consistent with the relevant portion of the Applicant's Specification, 
which states: 

*'the e-mail can be analyzed to see if there is serial, incremental user 
identification occurring^ which would enable inferences to be drawn 
concerning automatic attempts at breaking into the e-mail system. This 

additional analysis makes it possible to very easily identify malicious 
individuals who automatically try all possible codes " (emphasis added) 
(paragraph [0016]). 

An attempt in wliich all possible codes are tried is a type of attempt that can be 
identified by the occurrence of serial, incremental user identification, fi-om which 
conclusions can be drawn concerning automatic attempts at breaking into the 
e-mail system by automatically, serially, incrementally changing the user 
identification until the changed user identification matches an authorized user 
identification. 
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• Sundsted's Analysis Module 23 will not see that serial, incremental electronic 
stamp identification is occurring either (1) whenever consecutively received 
emails bearing electronic stamps are received from different email sending 
systems, (2) whenever emails bearing electronic stamps having consecutively 

generated serial numbers are not received consecutively, or (3) whenever emails 
bearing the same electronic stamp are received from the same email sending 
system, 

• The first and second cases are regular occurrences that do not enable a 
conclusion to be drawn concerning automatic attempts at breaking into the 
e-mail system. 

• Although the third case is an irregular occurrence that enables a 
conclusion to be drawn in accordance with Sundsted's teaching that the 
electronic mail has been delivered multiple times, either due to a fault in 
the electronic mail system or due to malicious intent, the third case is not 
an occurrence of serial, incremental mer identification that enables a 
conclusion to be drawn concerning automatic attempts at breaking into the 
e-mail system, as required by the last paragraph of claim 9, Furthermore, 
any conclusion that could be drawn from the third case concerning 
automatic attempts at breaking into tlie e-mail system would be 
inconsistent witli the relevant portion of the Specification, which is quoted 
above. 

Thus, it must be concluded that Sundsted does not teach either (a) an analysis to 
see if serial^ incremental user identification is occurring or (b) that it is when serial, 
incremental user identification is occurring that a conclusion can be drawn that there is an 
automatic attempt at breaking into the e-mail system, as required by the last paragraph of 
claim 9. 

The Examiner is respectively requested to either withdraw this rejection or to 
specifically point out any fallacy in the foregoing arguments. 

Remaining claims 10-17 and 25 ultimately depend from claim 9 and thereby are 
believed to be patentable for at least the same reasons as stated above for the allowance 
of claim 9. 
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The rejection of claims 13-16 under 35 U.S.C, 103(a) as being unpatentable over 
Fleming in view of Sundsted, and further in view of US Patent Application Publication 
No. 200400654498 by Shipp is respectfully traversed for at least the following reasons; 

Claims 13-16 ultimately depend from claim 9 and thereby are patentable for at 
least the same reasons as stated above for the allowance of claim 9. 

In addition to the recitations in claim 9, each of dependent claims 13-16 further 

recites, 

"wherein when executable programs are sent as attachments to e-mails, all said 

executable programs are automatically separated in the JMB." 

Shipp was cited as teaching that "it is well known to have system wherein all 
executable programs sent as attachments to e-mails are automatically separated." 
However, Shipp does not teach or suggest that all attached executable programs sent as 
attachments to e-mails are automatically separated, as required by claims 13-16. 

Shipp teaches that emails having various identifiable characteristics, including 
attached executable programs, are stopped. At paragraphs 133-138 Shipp further states: 
[0133] The stopper 25 takes signatures from the searcher 24. The signature 

identifies characteristics of emails which must be stopped* On receiving the 

signature, all future matching emails are treated as viruses, and stopped, 
[0134] Obviously, the stopping action can take a number of forms, 

including 

[0135] Disposmg of the infected emails without sending them to 
their addressed recipients. 

[0136] Flolding them in temporary storage and notifying the 
addressee by email that an infected message has been intercepted 
and is being held for a period for their retrieval, should they wish, 
otherwise it will be deleted. 

[0137] Disinfecting the email by removing the virus threat by any 
suitable means; for example if the virus is an executable 
attachment, it can be detached or disarmed before forwarding the 
email to its addressees. The email may be modified by the 
inclusion of a text message saying that the email has been 
disinfected. 
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[0138] Where a virus is detected, an automated mail server 30 may notify 
other sites of the relevant characteristics of the infected emails, either to alert 
human operators or to supply embodiments of the invention at remote sites with 
the characteristics of the emails necessary for their stoppers 25 to stop them. 
Claims 13-16 do recite that an email having an executable program 
attachment is separated in the JMB. The reasonable interpretation of the plain language 
of each of these claims is that all executable programs that are attached to emails are 
separated from the emails in the JMB. 

Shipp's only teaching of an executable program being separated from an email is 
in paragraph 0137, in which it is stated: "if the virus is an executable attachment, it can 
be detached or disamied before foi-warding the email to its addressees," This teaching 
does not suggest that all said executable programs are automatically separated, as 
required by each of claims 13-16. 

The Examiner is respectively requested to either withdraw this rejection or to 
specifically point out any fallacy in the foregoing argument. 

The rejection of 17-20 as being unpatentable under 35 U.S.C. 103(a) over 
Fleming in view of Sundsted, further in view of US Patent Application Publication No, 
20040054733 (Weeks), is respectfully traversed for at least the reason that these claims 
ultimately depend from claim 9, whereby remaining claim 17 (claims 18-20 are 
cancelled) is patentable for at least the same reasons as stated above for the allowance of 
claim 9, 

The rejection of claim 21-24 as being unpatentable under 35 U.S.C. 103(a) over 
Fleming in view of Sundsted, further in view of US patent 7,072,944 to Lalonde, and 
further in view of Shipp, is respectfully traversed for at least the reason these claims 
ultimately depend from claim 9, whereby remaining claim 21 is patentable for at least the 
same reasons as stated above for the allowance of claim 9, The additional references fail 
to supply the teachings which are missing in Fleming and Sundsted and have been 
pointed out in detail above. 

New Claims 

New independent claims 29 and 34 are supported by the disclosure in the last 
paragraph of claim 9 and the relevant portion of the Specification recited at page 3, Imes 
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15-19 (paragraph 0016 of the published application) and are believed to be allowable for 
at least the same reasons as stated above for the allowance of claim 9. 

New claims 30 and 35 depend, respectively, from new claims 29 and 34 and recite 
the same subject matter as recited in claims 13-16 and thereby are allowable for at least 
the same reasons as stated above for the allowance of claims 13-16. 

New claims 31 and 36 depend, respectively, from new claims 29 and 34 and recite 
the same subject matter as recited in claim 17 and thereby are allowable for at least the 
same reasons as stated above for the allowance of claim 17. 

New claims 32 and 37 depend, respectively, from new claims 29 and 34 recite 
the same subject matter as recited in claim 21 and thereby is allowable for at least the 
same reasons as stated above for the allowance of claim 21 . 

New claim 33 depends from new claim 29 and recites the same subject matter as 
recited in claim 25 and thereby is allowable for at least the same reasons as stated above 
for the allowance of claim 25. 

Conclusion 

Reconsideration and allowance of all the claims in this application are 
respectfully requested. Should any issues remain unresolved Examiner Nooristany is 
invited to contact the undersigned attorney. 



RespectfiiUy submitted, 
Walter KELLER 



The Maxham Finn 

A Professional Corporation 

9330 Scranton Road, Suite 350 




San Diego, California 92121 
Telephone: (858) 587-7659 
Facsimile: (858) 587-7658 



By: 



\jaLva&pL<Xi A. Maxham 
Atromey for AppUcant 
Registration No. 24,483 
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